I need some help!

wladimirpausin
Level 1

Hello everyone. I am trying to do this task.

I am working in a network which is class A. We already have a scope which every user for the company can access with their user and password; then they have access to some resources. We managed this with Active Directory.

I need to allow external users such as auditors to have access only to the internet when they connect their laptops to a network point.

I don't know how to do it. I think I have to create a new scope and authorize it in Active Directory. Also, do you know if I have to modify something in the switches?

Any suggestions and previous experience with this task are welcome.

If you need more information just tell me.

Thanks

Mr. Bash
Level 1

Creating a new scope in AD is one thing you'll have to do [if you want automatic delivery of IP addresses], however you will also have to provide a way for this new network to pass through your LAN and out through your ISP router.

Describe your LAN a little. What kind of switches do you have? What router do you have for internet access, does it have more than one LAN [ethernet] port?

Thanks for your response.

I have a Cisco 3750 which is centralized with the others (Cisco 2100 series). I am thinking of creating a VLAN. What do you think? If so, what do I have to do? I believe this could be the procedure.

-Create the new scope in the DHCP server, authorize it in AD.

-Create a VLAN.

I have a router for internet; it's a Netscreen, which is a firewall as well. Do I have to change something here? It has more than one Ethernet port, as you asked me.

Thanks

Hi,

You need to create a VLAN and by using an ACL you need to restrict access to internet only and to no other part of your network.

You can create the VLAN either on the access switch or maybe on the core switch.

Hope this helps...

Regards,

AbhisheK

Please rate all helpful posts!!!

Hi,

Thanks for your answer. I need to create a VLAN, but I don't know if I have to create a private VLAN or an ISL VLAN.

Do you recommend that I enable VTP? Why? I read that many people had trouble with it.

Wladimir

Hi,

I think even the simple ISL VLAN should do, but if you want the network to be very secure you can use P-VLANs.

But for ease of use and management I would recommend simple VLANs. Just create a special VLAN for the auditors and then by using ACLs restrict access only to internet and nothing else.

VTP is recommended only if you have lots of access switches. If there are only one or two switches to which the auditors are going to connect, there is no need for VTP. VTP helps you manage VLANs from one single core switch, wherein you don't need to make changes on all the switches; you just change it on one switch and the information then automatically propagates to all the switches and they update their respective VLAN databases.

There shouldn't be any trouble with VTP if you take care to make a device run in transparent or client mode before connecting it to the network. By default all switches are configured to run in 'server' mode, and hence if they have a revision number later than the current VTP server in the network, all the devices would follow the information propagated by the new switch, which in a way is false information.

For more on VTP, refer to this URL:

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008062cfb2.html

Hope this helps...

Regards,

AbhisheK

Please rate all helpful posts!!!

Thanks for help.

So, if my network is configured like this:

2 Cisco 3750 switches, which are the core, and 4 2100 series switches, which are for access.

Do I have to configure all the switches if I disable VTP?

This network has the switches I mentioned. For the core, they are connected with each other. Do I have to configure both?

Thanks

Wladimir

Hi,

You are welcome.

You'll need to configure VTP only if the auditors can possibly connect to any of the 2100 access switches. If you already know that they would connect to only one access switch what you can do is check if that switch is running in transparent or client mode and then configure a VLAN onto that for them and apply an ACL accordingly.

When you say "They are connected with each other", do you mean that the main core switch and standby switch are connected to each other directly, isn't it?

If you can explain your exact topology in detail, it would be good.

Hope this helps...

Regards,

AbhisheK

Hi,

I mean the core switches are a stack (3750).

It's a star topology in which the 3750 switches provide services to the access switches (2100 series). The router is connected to the core access.

Wladimir

Hi,

As I said in the previous post, you can decide to use VTP depending upon the number of switches the auditors are going to connect to. If the number is more than 1 I guess you should use VTP for ease of use and no confusion in maintaining the VLAN.

You can create the VLAN on the core and then use VTP to propagate the VLAN information, or you can create the VLAN on one of the access switches only (if the auditors will connect to one specific switch only).

Hope this helps...

Regards,

AbhisheK

Please rate all helpful posts!!!

Hi,

Thanks for helping me. All this information has been useful.

In fact I will install it in the core switch with VTP. Do I need to configure something additional in the router or firewall? I mean for this task.

Wladimir

Hi,

You are welcome Wladimir.

Nothing needs to be done in the firewall or the router. As you want the auditors to be able to access only internet, just remember to add an ACL for the same on the core switch.

Hope this helps...

Regards,

AbhisheK

Please rate all helpful posts!!!

Hi,

I have a doubt. As I wrote before, I need to configure the scope for the users who don't belong to the company. So, how many VLANs do I have to create? Suppose that it's gonna be for 50 users.

Thanks

Hi,

As you have about 50 users, create only one VLAN on the core switch and then propagate it by VTP to your VTP switches.

Hope this helps...

Regards,

AbhisheK

Please rate all helpful posts!!!

Hi,

I forgot one thing: after you have created the VLAN and have it on the access switch, you'll need to make the access ports members of that particular VLAN by issuing the command " switchport access vlan "

Hope this helps..

Regards,

AbhisheK

Please rate all helpful posts...
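
Added example, not part of any post in this thread: one way the guest VLAN, the internet-only ACL and the access port described above fit together in IOS configuration. The VLAN number, names, addresses, interface and DHCP server IP are constructed values, and it assumes the internal networks sit in RFC 1918 space, the core stack routes between VLANs, and the guest DHCP scope hands out a public DNS resolver.

```cisco
! --- Core switch (3750 stack); all values below are constructed examples ---
! With VTP the VLAN is created on the VTP server only; in transparent
! mode the same "vlan 50" block must be repeated on every switch.
vlan 50
 name GUEST-AUDITORS
!
ip access-list extended GUEST-INTERNET-ONLY
 remark allow DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark block every internal (RFC 1918) destination
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark anything left is internet-bound
 permit ip any any
!
interface Vlan50
 description Gateway for auditor/guest laptops
 ip address 192.168.50.1 255.255.255.0
 ! relay DHCP to the server that holds the new guest scope (assumed IP)
 ip helper-address 10.1.1.10
 ! filter traffic as it enters the core from the guest VLAN
 ip access-group GUEST-INTERNET-ONLY in
!
! --- Access switch: wall port an auditor plugs into (assumed interface) ---
interface FastEthernet0/10
 description Guest network point
 switchport mode access
 switchport access vlan 50
 spanning-tree portfast
```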
